8.6
CVE-2025-14187 - UGREEN DH2100+ nas_svr create handler_file_backup_create buffer overflow
A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The exβ¦
5.1
CVE-2025-14186 - Grandstream GXP1625 Network Status api.values.post cross site scripting
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote exploitation of theβ¦
5.3
CVE-2025-14185 - Yonyou U8 Cloud AppServletService.class sql injection
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The exploitβ¦
5.3
CVE-2025-14184 - SGAI Space1 NAS N1211DS gsaiagent JSONAPI NGNIX_UPLOAD command injection
A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been pubβ¦
5.3
CVE-2025-14183 - SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploiβ¦
5.3
CVE-2025-14182 - Sobey Media Convergence System upload path traversal
A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to theβ¦
0.0
CVE-2025-40289 - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash.
0.0
CVE-2025-40288 - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The rβ¦
0.0
CVE-2025-40287 - exfat: fix improper check of dentry.stream.valid_size
In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following sβ¦
0.0
CVE-2025-40286 - smb/server: fix possible memory leak in smb2_read()
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible memory leak in smb2_read() Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree().